CS455/555 Fundamentals of Information Security (Archive of Spring 2022)
| Instructor: | W. Michael Petullo |
| Office location: | 210 Wing Technology Center |
| Office hours: | 2:10 p.m.–3:00 every weekday and by appointment |
This course presents the fundamental concepts of information security. Basic policies, techniques, and tools for maintaining the security of host computers, information networks, and computer software are presented. Topics include encryption, authentication, access control, types of attacks and mitigations, software security, network security protocols, and the concepts of trust, privacy and ethics. Students are expected to compare security policies and techniques, apply concepts using modern tools and techniques, and explore recent security events.
CS 270, CS 340; junior standing.
Time and location
Tuesday and Thursday at 9:25 a.m.–10:50 p.m. in Centennial 2301
Student learning objectives
Understand and reason about the concepts of confidentiality, availability, and integrity in the context of information security problems and systems.
Understand and reason about different defense strategies including detection, recovery, deflection, deterrence, and prevention.
Understand that security applies to hardware, software, and data.
Understand and reason about authentication, access control, and privacy.
Describe the difference between security policy and practice.
Understand the concept of trust and how it relates to security policy, security practice, and information assurance.
Explain the differences between sophisticated and unsophisticated attacks.
Understand several common attacks and be able to compare them; includes worms, viruses, denial of service, man-in-the-middle, buffer overflows, stack smashing, SQL injection, Trojan horses, keyloggers, phishing, back doors, rootkits, and bots.
Explain several specific attacks in detail from the exploit to detection and mitigation.
Explain how fuzzing can be used to detect vulnerabilities.
Explain how the operating system attempts to provide security including its use of address-space randomization, authentication, protection, and sandboxing.
Understand the structure of the web, the Internet, and common protocols such as IP, TCP, DNS, cookies, and XSS.
Understand security protocols and web security, including TLS/HTTPS.
Understand Internet authentication technologies, including X.509, Kerberos, and OAuth.
Understand and utilize popular encryption software and algorithms to encrypt and decrypt data.
Explain the differences between symmetric and asymmetric encryption.
Explain the features and limitations of encryption algorithms, including DES, AES, and RSA.
Please be prepared to take notes using a pen and paper, or use discipline while taking digital notes. Do not use the Internet for personal reasons during class. Do bring a laptop or other device capable of running the compilers and other tools we use in class; any lecture might include hands-on exercises.
Perform your assigned reading and other preparation before arriving for class. I will expect you to participate in class discussions, and I might call on you to contribute.
Review the Board of Regents’ Student Academic Disciplinary Procedures concerning academic integrity. Cheating undermines the integrity of this university and shows disrespect toward the work of your classmates. Starting coursework early will help you to avoid the temptation of cheating. Plagiarism or cheating in any form may result in a failing grade, and it might also warrant harsher disciplinary action. “Students are responsible for the honest completion and representation of their work, for the appropriate citation of sources, and for respect of others’ academic endeavors.”
On perseverance and the scientific method
You will inevitably encounter problems while trying to complete your coursework. Sometimes the confusing interfaces that our software applications present will lead you astray, and other times you will simply make an error. When something goes wrong, try to fix the problem! Make small, incremental changes, and observe their effects. Most importantly, think about how systems work, and then consider why the error you are observing might have arisen. Occasionally, you should stop what you are doing and start from scratch. Learning how to better troubleshoot should be a beneficial side effect of this course.
Homework will be submitted through Aquinas, a grading system that provides immediate feedback. Refer to the course schedule for the sequence of homework assignments, exams, and the final exam. Your running grade will be available through Aquinas.
| Event | Portion of grade |
|---|---|
| Homework | 33% (3% per assignment) |
| Exams | 37% (18½% per exam) |
Additional graduate requirement
This course is offered as both CS455 and CS555. As a “slash” course, graduate students must achieve a level of analysis and synthesis that exceeds the expectations of undergraduate students. Graduate students will select an academic paper from one of the following conferences, and they will summarize the paper to include a description of how the principles or insights in the paper could be applied to software written by the student. The allowed conferences are the USENIX Security Symposium, the ACM Conference on Computer and Communications Security, or the IEEE Symposium on Security and Privacy. The grade earned on this assignment will replace that of the first homework for graduate students.
Grades are assigned based on the following scale.
Assignments are due the moment class starts. Late assignments will lose points according to the table below.
| Up to 24 hours late | 15% reduction |
| 24–48 hours late | 30% reduction |
| More than 48 hours late | No credit |
If some external circumstance causes you to be late, then you must notify your instructor in writing and before the assignment deadline in order to be considered for an exception. The act of notification does not automatically grant you an exception.
COVID-19 health statement
Students with COVID-19 symptoms or reason to believe they were in contact with COVID-19 should consult with a health professional, such as the Student Health Center. Students who are ill or engaging in self-quarantine at the direction of a health professional must not attend class. Students in this situation will not be required to provide formal documentation and will not be penalized for absences. However, students should:
- notify the instructor in advance of the absence, and provide him with an estimate of how long the absence might last;
- keep up with classwork, if able;
- submit assignments electronically;
- work with the instructor to either reschedule or remotely complete exams, labs, and other academic activities; and
- consistently communicate their status to the instructor during the absence.
Instructors have an obligation to provide reasonable accommodation for completing course requirements to students adversely affected by COVID-19. This policy relies on honor, honesty, and mutual respect between instructors and students. Students are expected to report the reason for absence truthfully and instructors are expected to trust the word of their students. University codes of conduct and rules for academic integrity apply to COVID-19 situations. Students may be advised by their instructor or academic advisor to consider a medical withdrawal depending on the course as well as the timing and severity of the illness. Students should work with the Office of Student Life if pursuing a medical withdrawal.